New behaviour detection software on way

A new behaviour-based detection software product is due to hit the market in May, designed to catch, quarantine and eradicate malware not ordinarily detected by signature-based antivirus products.

Ellen Messmer, Network World
March 6, 2008

Share

Twitter

Facebook

LinkedIn

Google Plus

A new behaviour-based detection software product is due to hit the market in May, designed to catch, quarantine and eradicate malware not ordinarily detected by signature-based antivirus products.

Start-up firm NovaShield says its Windows-based software for PCs will recognise activity from keyloggers, Trojans, and botnets, and block them from executing.

NovaShield is primarily intended for consumers as it has no central management. It will block drive-by downloads of malware, by alerting users that suspicious activity is occurring.

"In this instance, there would be an alert to the user about web activity," says Somesh Jha, chief scientist and co-founder of NovaShield. "Once we flag these executables as suspicious, we block them. But we do offer the user a way to override it."

The move comes as several major anti-malware vendors, including McAfee, Symantec, Trend Micro and WebSense, are also tackling the problem of drive-by downloads, offering both signature-based and behaviour-based detection products.

But the approach to malware detection that NovaShield is taking probably bears the most resemblance to that of behaviour-based security product provider Sana Security, Jha says.